interesting fake spam domain


From: Udhay Shankar N (
Date: Sat Feb 10 2001 - 01:07:49 PST

[resending since is down]

** ? Rohit, you been doing something we should know(now) about ? :)

On Wed, 7 Feb 2001 14:50:52 -0000, in "Dave Korn"
<no.spam@my.mailbox.invalid> wrote:

> wrote in message <95pd0t$ev7$>...
>>Below is an email header that was attached to some SPAM someone in my
>>network received. Maybe I'm reading it wrong, but it looks like the
>>email came from However, everything I've searched (whois,
>>etc) says that does not exist. Am I missing something?
>>The hostnames and IPs have obviously been changed.
>>Received: from ([]) by with
>>SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
>> id 1DZTSJ7A; Fri, 2 Feb 2001 13:31:20 -0500
>>Received: from ( [])
>> by (8.9.3/8.8.7) with SMTP id NAA18216
>> for <>; Fri, 2 Feb 2001 13:34:49 -0500
> OK, these two hops are inside your corporate network, right.
>>Received: from unknown ( by with SMTP id
>> (InterLock SMTP Gateway 4.2 for <>);
>> Fri, 2 Feb 2001 13:33:46 -0500
> Well, you're fucked there. Your internal gateway keeps track of the HELO
>command sent by the spammer, which is almost certainly forged, but didn't
>bother logging the IP they connected from. This is worse than useless. You
>have no way whatsoever of tracing this spammer because your machine
>discarded the one vital piece of information that could have tracked them.
> That sounds a bit cramped. Remember to maximize the window before you try
> DaveK
>They laughed at Galileo. They laughed at Copernicus. They laughed at
>Columbus. But remember, they also laughed at Bozo the Clown.

((Udhay Shankar N)) ((udhay @ ((
      God is silent. Now if we can only get Man to shut up.
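
Added example, not part of the original post or thread: a Python check for the problem the quoted reply describes. It walks the Received chain from the newest hop to the oldest hop written by a host you run, and reports whether that boundary hop recorded the connecting address or only the name the sender claimed. The header text, host names and addresses are constructed, and the `hops` and `boundary_hop` names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample, not the headers from the post: example.* names and
# documentation-range addresses. Newest hop first, as in a real message.
SAMPLE = """\
Received: from mail.corp.example ([192.0.2.10]) by exch.corp.example with
 SMTP id AAA0001; Fri, 2 Feb 2001 13:31:20 -0500
Received: from gw.corp.example (gw.corp.example [192.0.2.1])
 by mail.corp.example with SMTP id AAA0002
 for <user@corp.example>; Fri, 2 Feb 2001 13:34:49 -0500
Received: from unknown (claimed.helo.example) by gw.corp.example with SMTP
 for <user@corp.example>; Fri, 2 Feb 2001 13:33:46 -0500
Subject: constructed sample

body
"""

FROM_BY = re.compile(r"from\s+(\S+)\s*(.*?)\s+by\s+(\S+)")
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def hops(raw):
    """One dict per Received header, newest first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())           # unfold continuation lines
        m = FROM_BY.search(flat)
        if not m:
            continue                             # unparseable hop: skip it
        claimed, detail, by = m.groups()
        ip = IPV4.search(detail)                 # address the receiver saw
        out.append({"by": by, "claimed": claimed,
                    "peer_ip": ip.group(0) if ip else None})
    return out

def boundary_hop(raw, trusted):
    """Oldest hop written by a host we run; older headers can be forged."""
    last = None
    for hop in hops(raw):
        if hop["by"] not in trusted:
            break
        last = hop
    return last

if __name__ == "__main__":
    ours = {"exch.corp.example", "mail.corp.example", "gw.corp.example"}
    hop = boundary_hop(SAMPLE, ours)
    print(hop["by"], "recorded peer address:", hop["peer_ip"])
```

A `peer_ip` of `None` on the boundary hop means the gateway kept only the claimed name, so the message cannot be traced past your own perimeter from the headers alone.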


This archive was generated by hypermail 2b29 : Mon Feb 12 2001 - 12:45:43 PST